WHAT IS CLAIMED IS: 



1. A system for providing biometric authentication, the system using a Web cloud as a 
communication medium, the system comprising: 

at least one Web client station linked to the Web cloud, the Web client station 
providing selected live data respecting biometric characteristics of an individual who is using 
the Web client station; 

at least one Web server station linked to the Web cloud, access of the Web server 
station via the Web cloud being sought by the individual using the Web client station and 
being dependent on authentication of the individual; and 

an authentication center linked to at least one of the Web client and Web server 
stations so as to receive the live data, the authentication center having records of biometric 
data of one or more enrolled individuals, the authentication center providing for comparison of 
the live data with selected records, the comparison being to determine whether the live data 
sufficiently matches the selected records as to authenticate the individual seeking access. 

2. A system as claimed in Claim 1, wherein the Web client stations and the Web server stations 
are linked to the Web cloud via Web connections, the Web connections supporting a secure 
transport protocol. 

3. A system as claimed in Claim 2, wherein the authentication center is linked to at least one of 
the Web client stations and Web server stations via authentication center connections, the 
authentication center connections supporting a secure transport protocol. 



4. A system as claimed in Claim 3, wherein at least one of the Web connections and the 
authentication center connections support HTTP. 

5. A system as claimed in Claim 3, wherein the authentication center connections are not via the 
Web cloud. 



6. A system as claimed in Claim 1, wherein one or more of the Web client stations comprise a 
Web client and a biometric I/O device, the biometric I/O device acquiring data respecting 
biometric characteristics of the individual and the Web, and the Web client being linked to the 
biometric I/O device for receiving the acquired data or data representative thereof. 

7. A system as claimed in claim 6, wherein the Web client comprises an interface mechanism, 
the interface mechanism being associated with one or more biometric characteristics, and 
controlling the biometric I/O device based on one or more parameters associated with 
biometric authentication, the parameters being provided from at least one of the Web server 
station, the authentication center and the Web client station. 

8. A system as claimed in claim 7, wherein either or both of the Web client and the interface 
mechanism comprise, respectively, software programs, the software programs being any 
combination of destructive or non-destructive 

9. A system as claimed in claim 7, wherein the Web server station comprises a Web server, the 
Web server providing some or all of the parameters associated with biometric authentication. 

10. A system as claimed in claim 9, wherein the authentication center comprises an authorization 
server linked to one or more biometric servers, each of the biometric servers being linked, 
respectively, to one or more biometric databases, the biometric databases being captive. 



11. A system as claimed in claim 9, wherein the authentication center comprises an authorization 
server linked to one or more biometric servers, each of the biometric servers being linked, 
respectively, to one or more biometric databases, at least one of the biometric databases 
being independent. 



12. A system as claimed in claim 1, wherein the Web server station comprises a Web server, the 
Web server providing to the Web client station parameters associated with biometric 
authentication. 



13. A system as claimed in claim 1, wherein the authentication center comprises an authorization 
server linked to one or more biometric servers, each of the biometric servers being linked, 
respectively, to one or more biometric databases. 

14. A system as claimed in claim 13, wherein at least one of the biometric servers is independent. 

15. A system as claimed in claim 1, wherein the Web client station provides for the individual to 
have a claimed identity, and the authentication center supports (i) receiving said claimed 
identity, (ii) providing the selected records based on said claimed identity and (iii) comparing 
the live data with the so-provided, selected records. 

16. A method for Web-based, biometric authentication of individuals who are using a Web client 
station, the individuals seeking access of a Web server station, the method comprising the 
steps of: 

establishing parameters associated with selected biometric characteristics to be used 
in authentication; 

acquiring, at the Web client station, biometric data in accordance with the parameters; 

receiving, at an authentication center, a message that includes live data; 

selecting, at the authentication center, one or more records from among records 
associated with one or more enrolled individuals; and 

comparing live data with selected records, the comparison determining whether the 
so-compared live data sufficiently matches the selected records as to authenticate the individual 
seeking access. 



17. A method as claimed in claim 16, further comprising the steps of: 

providing, at the Web client station, a claimed identity associated with the individual; 

receiving, at the authentication center, a message that includes the claimed identity; 

determining the acceptability of the message based on the claimed identity; 

if the message is acceptable, providing, at the authentication center, selected records 
that agree with the claimed identity; and 

comparing the received data with the so-provided, selected records. 




18. A method as claimed in claim 16, further comprising the step of providing, from the 
authentication center, a response respecting the result of the comparing step, this providing 
step comprising the steps of: 

(A) preparing the response, which step includes one or more of the following steps: 

(i) preparing a digital certificate; 

(ii) preparing a page having electronic links to accessible pages associated with one or 
more application servers; 

(iii) preparing an appropriate entry in a biometric database; and 

(iv) preparing a secure protocol message; and 

(B) effecting the response, which step includes one or more of the following steps: 

(i) downloading the response to the Web server station; 

(ii) routing the response to the Web server station via the Web client station; 

(iii) making an appropriate entry in a selected biometric; 

(iv) downloading the response to the Web client station; and 

(v) routing the response to the Web client station via the Web server station. 



19. A method as claimed in claim 18, wherein the step of preparing a page having electronic links 
comprises including or activating only those electronic links that are appropriate to the 
confidence level attained in the comparing step. 

20. A method as claimed in claim 16, further comprising the step of establishing secure 
communication channels in and among the Web client station, the Web server station and the 
authentication station. 



21. A method as claimed in claim 20, wherein the step of establishing secure communication 
channels comprises: 

(A) employing a Web client at the Web client station and a Web server at the Web server 
station, the Web client and the Web server providing for establishing a secure 
communication channel between the Web client station and the Web server station; 
and 

(B) employing an interface mechanism at the Web client station and an authorization 
server at the authentication center, the interface mechanism and the authorization 
server providing for establishing a secure communication channel between the Web 
client station and the authentication center. 



22. A method as claimed in claim 16, further comprising the step of recording selected details of 
the received message and the results of the comparing step so as to create a biometric audit 
trail. 



23. A method as claimed in claim 22, further comprising the steps of using selected details of the 
received message, and comparing said selected details with a plurality of records, the 
comparison determining whether the so-compared selected details sufficiently match any one 
or more of the so-compared records, so as to identify the individual seeking access of the 
Web server station. 



24. A method as claimed in claim 16, wherein: 

the acquiring step comprises plural acquisitions, said plural acquisitions relating to 
one or more biometric characteristics; and 

the establishing parameters step further comprises at least one of the following steps: 

(i) selecting a confidence level from among supported confidence levels, said 
supported confidence levels being categorized in relation to authentication based on using biometric 
data associated with single biometric characteristics and with combinations of biometric 
characteristics; and 

(ii) selecting a trigger event, said trigger event causing the acquisition of 
biometric data. 

25. A method as claimed in claim 24, wherein the step of selecting a trigger event comprises 
selecting a time interval for repeating the authentication steps. 

26. A method as claimed in claim 16, wherein the step of establishing parameters comprises one 
or more communications by and among the Web server station, the Web client station and the 
authentication center. 



27. A method as claimed in claim 26, wherein the step of establishing parameters further 
comprises the step of choosing among negotiable parameters by using predetermined 
arbitration algorithms. 



28. A method as claimed in claim 26, wherein the step of establishing parameters further 
comprises downloading a page from the Web server station to the Web client station 
responsive to the Web client station requesting access of the Web server station, the page 
including parameters. 

29. A method as claimed in claim 28, wherein ...loading a page from the Web 
server station comprises the step of includ... that offer alternatives, the 
alternatives being selectable 

30. A method as claimed in claim ..., further comprising the step of determining an authentication 
center from among plural authentication centers 